How to Encode & Decode URLs Online
Dev Nexus4 min read
Encode or decode a URL or query value in seconds, choosing the right scope — component versus full URL — every time.
Encoding a URL by hand means remembering that a space is %20, an ampersand is %26, and a question mark is %3F — and getting the scope right so you do not shred the URL's structure. An online encoder does all of that instantly.
This is a practical, step-by-step walkthrough for encoding and decoding URLs online: how to prepare a query value, how to decode one someone sent you, and how to pick between encoding a single component and encoding a whole URL.
The Problem
The two operations sound simple but trip people up in opposite ways. When you encode, you have to decide whether you are escaping one value or a full address — encode a value with the wrong tool and you leave its & and = raw, splitting your query; encode a whole URL with the wrong tool and you destroy the :// and / that define it.
Decoding has its own traps. A logged URL might be double-encoded, so a single decode still shows %2520. A form field might use + for spaces, which some decoders leave untouched. Doing this in a console works but is fiddly, and you may not want to paste a URL containing an access token into a random website.
The Solution
The fix is a clear, two-choice workflow: pick the operation (encode or decode) and the scope (a single component or the full URL). Those two decisions cover every case.
For a query value, encode as a component so reserved characters are escaped. For a link that already has its structure and just contains a stray space or accented character, encode as a full URL to keep ://, /, ?, and # intact. To read an encoded string, decode it — and if the result still has percent-escapes, decode again.
The URL Encoder puts both operations and both scopes in one place and runs entirely in your browser, so URLs with tokens or private parameters never leave your machine. If a value carries binary or JSON, combine it with a Baseundefined step first.
Step-by-Step Guide
- 1
Paste your input
Drop the string into the input box — a full URL like
https://example.com/search?q=, a single value likeblack & white, or an encoded string you want to read. - 2
Choose encode or decode
Select Encode to turn characters into
%XXescapes, or Decode to turn%XXsequences back into plain text. The output updates as you type. - 3
Set the scope
For one query value or path segment, use component scope so
&,=, and?are escaped. For an assembled URL you only want to make safe, use full-URL scope so its structure is preserved. - 4
Read and verify the output
For encoding, confirm every reserved and unsafe character was escaped. For decoding, check the result is fully readable; if you still see
%25sequences, decode once more to undo double-encoding. - 5
Copy and use it
Copy the result and paste it into your code, address bar, curl command, or API client. The encoded value is now safe to drop into a query string.
Common Mistakes
Encoding a full URL at component scope
This escapes the
://and/and leaves you with a broken, unusable string. Only use component scope for individual values, not whole addresses.Leaving a value at full-URL scope
Full-URL scope preserves reserved characters, so a value containing
&or=stays raw and corrupts the query. Switch to component scope for values.Decoding only once
Double-encoded URLs need more than one decode pass. If the output still contains
%2520or similar, decode again until it stops changing.Ignoring the + versus %20 distinction
Form-encoded data uses
+for spaces while paths and queries use%20. If spaces come back as literal plus signs, the value was form-encoded — decode it with that in mind.
Frequently Asked Questions
How do I encode just a query parameter?
Paste only the value (not the whole URL), choose Encode, and use component scope. This escapes reserved characters like `&` and `=` so the value stays intact inside the query string.
How do I decode a URL someone sent me?
Paste the encoded URL, choose Decode, and read the output. Every `%XX` sequence becomes its original character, revealing exactly what the link points to.
What if decoding still shows percent signs?
The value was double-encoded. Decode it again — and repeat — until the output stops containing `%25` sequences and reads as plain text.
Is it safe to encode a URL with a token in it?
Yes. The tool runs entirely in your browser and never uploads what you paste, so URLs containing access tokens or private parameters stay on your machine.
Why is my space showing as a plus sign?
That value was encoded as form data (`application/x-www-form-urlencoded`), where a space is `+`. In normal URL paths and queries, a space is `%20`.
Try the Tool
URL Encoder
Encode and decode URLs at the right scope in one place — fast and fully in your browser.
Related Tools
Related Articles
What Is URL Encoding (Percent-Encoding)?
A plain-English guide to percent-encoding: what it is, which characters are reserved or unsafe, and why every query value needs it.
Read articleencodeURI vs encodeURIComponent Explained
The clear difference between encodeURI and encodeURIComponent, with examples showing which one to use for a value versus a whole URL.
Read articleAre UUIDs Really Unique?
In practice UUIDs never collide - here is the math behind why, and the one thing people get wrong: a UUID is an identifier, not a secret.
Read article